« ASCII Configuration Generator (ACG) for Nortel Switches

Nortel VPN Client – Checking for banner text

With the recent surge in gas prices many employers and employees have taken to telecommuting. The surge has given rise to an avalanche of trouble tickets and support calls from folks trying to use their employers virtual private network solution from their home personal computers and broadband connections.

One typical problem that some users might encounter when using the Nortel VPN client is the “Checking for banner text” message. During the initial stage of connecting the Nortel VPN client will display the “Checking for banner text” message and then either become unresponsive or report to the user that the connection was lost.

Let me paraphrase from the Nortel documentation:

A common reason for the banner message to stop responding is a firewall or router, placed somewhere along the path from the remote computer to the gateway, which blocks ESP or Authentication Header (AH) traffic. The firewall can be a personal firewall installed on the remote computer, a firewall or router at the Internet Service Provider (ISP), or a corporate firewall. In this situation, IPsec Internet Security and Key Management Protocol (ISAKMP) traffic that negotiates the tunnel establishment goes through the tunnel, but the ESP- or AH-encapsulated traffic inside the tunnel does not get through. When the banner text is retrieved through the established tunnel, the banner message or other traffic secured by the ESP or AH never reaches the client and the Nortel VPN Client continues to wait for a response from the gateway until a timeout period is reached. To resolve this issue, ensure the following traffic is allowed to pass through the firewalls along the path:

UDP protocol (17) port 500, both inbound and outbound
ESP protocol (50), both inbound and outbound
AH protocol (51), both inbound and outbound

The same scenario occurs as in the previous section if Network Address Translation Transversal (NAT-T) is configured and the firewall blocks the UDP port selected for NAT-T along the path. To resolve this issue, you’ll need to ensure the port that is being utilized can pass through the firewalls on a personal, corporate, or ISP level. You’ll need to contact whomever is managing the VPN router to determine which UDP port you might need to open.

Cheers!

This entry was posted by Michael McNamara on November 5, 2008 at 8:00 pm, and is filed under VPNRouter. Follow any responses to this post through RSS 2.0.You can leave a response or trackback from your own site.

Comments (5)
Related Posts

#1 written by chris 1 year ago
The banner issue happens each time my original connection drops and I try to reconnect. In some case just loging out from windows and loging back in is sufficient to clear the issue… in some case I need to reboot…
Since most of the time the connections and reconnection after stand-by (unless the connection started to be unresponsive suddenly) works fine, I suppose the issue is not one of the firewalls… but more like a cached state on my windows laptop…
Any idea about that and how to clear that state without a long and painful logout?
Thanks,
Chris.
Reply Quote
- #2 written by Michael McNamara 1 year ago
  Hi Chris,
  Unfortunately there’s something preventing the client from functioning properly. What version of the NVC (Nortel VPN Client) are you running? You might try upgrading to the latest available version.
  Good Luck!
  Reply Quote
- #3 written by DanLau 2 months ago
  Did you ever find a solution to this issue?
  Reply Quote
  - #4 written by Michael McNamara 2 months ago
    Hi DanLau,
    Assuming you don’t have something blocking your IPSec traffic there was a known bug in the Avaya VPN Client that was recently addressed.
    You should probably update to the latest version.
    http://blog.michaelfmcnamara.com/2011/12/avaya-vpn-client-release-10-05-150-for-windows-7/
    Good Luck!
    Reply Quote
#5 written by Miles 4 days ago
Actually I got same issue on Avaya VPN Client Release 10.05.150 for windows 7(x64).
Reply Quote
Type your comment
You may use these HTML tags: <a> <abbr> <acronym> <b> <blockquote> <cite> <code> <del> <em> <i> <q> <strike> <strong>
Notify me of followup comments via e-mail. You can also subscribe without commenting.
Comment Feed for this Post

SPONSOR
Tweets
Michael McNamara 385 followers 571 tweets
- @Hemu68 post on forums and I will respond, http://forums.network infrastructure.info18 hours ago
- Congratulations #Giants it was a great game!2 days ago
- @CaptainHostile Its a halftime show not a strip tease. I thought it was pretty good, now Clint was looking a little worn.2 days ago
- @markstevens20 Same from my 11 year old daughter :-)2 days ago
Blogroll
LICENSE
This blog licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.
This license lets others remix, tweak, and build upon my work even for commercial purposes, as long as they credit me and license their new creations under the identical terms.
You must provide attribution in the derived work and you must include a link to the original content.

Go to Top

Nortel VPN Client – Checking for banner text

SPONSOR

Tweets

Blogroll

LICENSE